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II. AMENDMENTS TO THE CLAIMS 

The following listing of claims replaces all prior versions, and listings, of claims in the 
application: 

I 

1. (Currently Amended) A method of protecting security of a network server from unauthorized 
content contained in a message received by said server from a user, the messai>ejn_cjujdj_ng 
information for constmctini^ajjuerv to access data of the server, the method comprising: 

intercepting said message before any con tent of said m essage is processed by said server; 

examining said message to determine if it contains one or more unauthorized elements, 
the examining comprising: 

recei ving iden ti fication of an execution program set to be used to process said 

message received; 

retrieving identification of all message types associated with said execution 
program set; 

examining said message received by said server in relation, to said message types 
associated with said execution program set; and 

determining if said message received by said server contains an unauthorized 
element in relation to the corresponding message type for said message received; 
if it is determined that said message contains an unauthorized element preventing said 
message received from being processed by said server; 

if it is determined that said message does not contain an unauthorized element allowing 
said message received to be processed by said server. 
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2. (Original) The method of claim 1 wherein, if it is determined that said message received 
contains an unauthorized element, preventing said message received from being processed by 
said server, and causing an error notification to be sent to said user. 

3. (Cancelled). 

4. (Previously Presented) The method of claim 1 wherein, if it is determined that said message 
received contains an unauthorized element, causing an error notification to be sent to said user. 

5. (Currently Amended) A method of protecting security of an Internet network server from 
unauthorized content contained in a message received over the Internet by said server from a 
user, themesgagg including information for constnicjing a query to_access data of the server, the 
method comprising: 

intercepting said message before any content of said message is processed by said server; 
examining $aid message to determine if it contains one or more unauthorized elements, 
the examining comprising: 

receiving identification of an execution page to be used to process said message 
received; 

retrieving identification of all message types associated with said execution page; 
examining said message received by said server in relation to said message types 
associated with said execution page; and 
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detennining if said message received by said server contains an unauthorized 
element in relation to a conressponding message type for said message received; 
if it is determi n ed that said message contains an unauthori zed element, preventing said 

message received from being processed by said server; 

if it is determined that said message received does not contain an unauthorized element, 

allowing said message recei ved to be processed by said server. 

6. (Original) The method of claim 5 wherein, if it is determined that said message received 
contains an unauthorized element preventing said message received from being processed by said 
server, causing an error notification to be sent to said user. 

7. (Cancelled). 

8. (Previously Presented) The method of claim 5 wherein, if it is determined that said message 
received contains an unauthorized element, causing an error notification to be sent to said user. 

9. (Original) The method of claim 8 wherein, if it is determined that said message received does 
not contain an unauthorized element, allowing said message received to be processed by sard 
server. 

10. (Previously Presented) The method of claims 1 or 5, wherein said message comprises a 
name- value pair. 
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11. (Original) The method of clai m 10 wherein said element comprises one or more of the 
following items: an instruction, a command, a character, a parameter, a token, or a string of any 
of said previous items. 

12. (Original) The method of claims 1 1 wherein said element is interpretable as an instruction or 
command by said server. 

13. (Currently Amended) Security control apparatus for controlling the security of a network 
$erver from unauthorized content contained in a message received from a user of said serve r, the 
message including information for constructing a query to access data of the server, the apparatus 
comprising: 

means for intercepting said message received before any content of said message is 
processed by said server; 

means for examining said message received to determine if it contains one or more 
unauthorized elements, the means for examining further comprising: 

means for receiving identification from said user of an execution page retrievable 
by said server to be used to process said message received; 

means for retri eving identification of message types associated with said 
execution page from facilities associated with said server; 

means for examining said message received by said server in relation to said 
message types associated with said execution page; and 

means for determining if said message received by said server contains an 
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unauthorized element in relation to a corresponding message type for said message 
received; 

means for preventing said message received from being processed by said server if it is 
determined that said message received contains an unauthorized element; 

means for allowing said message received to be processed by said server if it is 
determined that said message received does not contain an unauthorized element. 

14. (Previously Presented) The apparatus of claim 1 3 wherein said n etwork server comprises an 
Internet network server and said message is received over the Internet by said server from a user. 

1 5. (Original) The apparatus of claim 1 3 or 1 4 further comprising means for returning an error 
message to said user. 

16. (Cancelled). 

17. (Cancelled). 

18. (Previously Presented) The apparatus of claim 13 wherein said message comprises a name- 
value pair and said element is contained by said name-value pair. 
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19. (Origin al ) The apparatus of claim 18 wherein said element comprises one or more of the 
following items: an instruction, a command, a character, a parameter, a token, or a string of any 
of said previous items. 

20. (Original) The apparatus of clai m 19 wherein sai d element is interpretable as an in struction or 
command by said server. 

21. (New) The method of clai m 1, wherein the message types are chosen from the group 
consisting of: 

single token; 
String; 

multiple tokens without keywords: OR, UNION and SEMI-COLON; 
multiple tokens without keywords: UNION and SEMI-COLON; 
multiple tokens without keywords: SEMI-COLON; and 
multiple tokens without restriction, 

22. (New) The method of claim 5, wherein the message types are chosen from the group 
consisting of: 

single token; 
string; 

multiple tokens without keywords: OR, UNION and SEMI-COLON; 
multiple tokens without keywords: UNION and SEMI-COLON; 
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multiple tokens without keywords: SEMI-COLON; and 
multiple tokens without restriction. 

23. (New) The apparatus of claim 13, wherein the message types are chosen from the group 
consisting of: 

single token; 

string; 

multiple tokens without keywords: OR, UNION and SEMI-COLON; 
multiple tokens without keywords: UNION and SEMI-COLON; 
multiple tokens without keywords: SEMI-COLON; and 
multiple tokens without restriction. 
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